Communications through the internet / world wide web rely on a set of standards referred to as Hyper Text Transfer Protocol, or “HTTP“. Without going too deeply into the details, HTTP provides a method to request information and to have information delivered. When you type a web address in your browser, you are requesting to see that specific page. Every page of every website has a unique address, or “URL” (Uniform Resource Locator), which contains the data you are looking for. This web page is typically stored on a computer or web hosting site. When the request is received, the hosting site responds with the web page, which is then displayed in your web browser. If you happen to request a page which doesn’t exist or doesn’t have a valid address, you’ll most likely see a “404 Page Not Found” error.
The majority of web pages, pictures and videos you would view on the web don’t contain any sensitive information. But what about when you need protection for your information? The most common examples are shopping sites like Amazon, banking sites like Wells Fargo or entertainment sites which require credit card or electronic payment information. There also needs to be a mechanism for these sites to protect themselves against malicious users and hackers. In these cases, a security level is needed on top of the HTTP communication methods, which is the “S” in “HTTPS“.
To make it easy to identify which websites are using secure communications, in addition to the “https://” prefix which may show in the web address, each of the the major web browsers have visual cues. To illustrate this, we’ll look at how the Amazon site shows up:
In Internet Explorer (IE), we see the https:// at the start of the website address as well as a yellow padlock icon to the far right. The padlock is the visual identifier to let us know this is a secure site.
In Firefox, just like with IE, we get the prefix https:// and in this case a green padlock just to the left of the web address. Having the visual cue to the left makes it easier to notice.
In Chrome, we again get the https:// and the padlock to the left. Chrome also lets us know this web page is secure by providing the text “Secure”. No guesswork needed as to what a padlock means.
As of late January, Chrome will identify any webpages that ask for passwords or payment information. If it is running under HTTPS, the “secure” visuals will be shown. However, if it is not running HTTPS, Chrome will give a “Not Secure” indicator to the right. Going forward, Chrome will make it even more obvious by including a red hazard icon along with a bold red “Not Secure” textual warning. Wordfence recently published details on the Chrome roll-out.
What this means for users is a simple, easily recognizable way to quickly recognize if a website is secure for purchasing, gaming, banking or just running a higher level of protection. If you don’t see any secure visual cues on the majority of the pages you visit, there is not need to worry as long as you aren’t providing any personal information. So go ahead and watch those cat videos and read reviews on the 99% of sites that don’t need to be running security.
If you are a developer or would like to have more information on securing websites and transactions, may be recommend these titles from Amazon:
HTTP: The Definitive Guide ($34.85 – Paperback)
What Every Web Developer Should Know About HTTP ($0.00 – Kindle Unlimited eBook)
WordPress Security 101: How to secure your website against hackers ($0.00 – Kindle Unlimited eBook)
Implementing SSL / TLS Using Cryptography and PKI ($41.72 – Paperback)
See here for more information on the pricing.
We would like your opinion – Would you value content more if a site is secure? Please share below …